Title :
An efficient architecture for distributed intrusion detection system
Author :
Hakimi, Zahra ; Faez, Karim ; Barati, Mehdi
Author_Institution :
Dept. of Comput. Eng., Qazvin Islamic Azad Univ., Qazvin, Iran
Abstract :
Due to the increasing number of network attacks, it is crucial to equip networks with an intrusion detection system (IDS). These systems must be able to deal with today's high-speed and large-scale networks. In this paper we propose a distributed IDS that performs both data capturing and data analysis in a distributed fashion. This distributed mechanism enables our system to operate effectively within large-scale and high-traffic-rate networks. We developed a grouping mechanism which divides the computers in the network into subsets, each with a leader and a few members. Subsequently, using a data sharing mechanism, we were able to detect distributed attacks. Our data sharing mechanism added an overhead to the network traffic which is negligible compared to the overall network traffic. We simulated our method in the NS2 simulation environment. Then we compared our proposed system with a centralized IDS in terms of detection rate, memory usage and packet loss rate. Results showed that our system's performance was better despite some extra load imposed by the distribution of data processing.
Keywords :
computer network security; local area networks; telecommunication traffic; NS2 simulation environment; centralized IDS; computer networks; data capture; data sharing mechanism; distributed attacks; distributed intrusion detection system; grouping mechanism; high traffic rate networks; large scale networks; network attacks; network traffic; packet loss rate; Computer architecture; Computers; Data processing; Distributed databases; IP networks; Intrusion detection; Telecommunication traffic; Centralized IDS; DARPA 1999; Distributed IDS; Intrusion detection system; NS2 simulator; Nmap; Scan attack;
Conference_Title :
Information Security and Cryptology (ISCISC), 2013 10th International ISC Conference on
Conference_Location :
Yazd
DOI :
10.1109/ISCISC.2013.6767356